-rw-r--r-- | .github/workflows/codeql-analysis.yml | 7 | ||||
-rw-r--r-- | .github/workflows/docker.yml | 3 | ||||
-rw-r--r-- | .github/workflows/go.coverage.yml | 3 | ||||
-rw-r--r-- | .github/workflows/go.test.yml | 3 | ||||
-rw-r--r-- | .github/workflows/stale.yml | 6 |
5 files changed, 22 insertions, 0 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 50012f4cc..718035199 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -8,8 +8,15 @@ on:
 schedule:
 - cron: '22 10 * * 4'
+permissions:
+ contents: read
+
 jobs:
 analyze:
+ permissions:
+ actions: read # for github/codeql-action/init to get workflow details
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/autobuild to send a status report
 name: Analyze
 runs-on: ubuntu-latest
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 824610f30..b2372f444 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -9,6 +9,9 @@ on:
 description: "Release (e.g., v1.9.0)"
 required: true
+permissions:
+ contents: read
+
 jobs:
 docker-release:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/go.coverage.yml b/.github/workflows/go.coverage.yml
index 26f74e26a..77980c480 100644
--- a/.github/workflows/go.coverage.yml
+++ b/.github/workflows/go.coverage.yml
@@ -1,5 +1,8 @@
 name: Go Coverage
 on: [pull_request]
+permissions:
+ contents: read
+
 jobs:
 test:
 name: Coverage
diff --git a/.github/workflows/go.test.yml b/.github/workflows/go.test.yml
index 00972dbe3..4b4808e54 100644
--- a/.github/workflows/go.test.yml
+++ b/.github/workflows/go.test.yml
@@ -1,5 +1,8 @@
 name: Go Tests
 on: [push, pull_request]
+permissions:
+ contents: read
+
 jobs:
 test:
 name: Test
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 17252258d..b96ed6827 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
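Review bot: The comment on `security-events: write` in the `analyze` job ties the scope only to `github/codeql-action/autobuild` sending a status report, which understates why the job holds a write scope. That scope is what allows code scanning results to be uploaded, normally by the analyze step, which is outside this hunk. I would reword it to something like `security-events: write # for github/codeql-action/analyze to upload code scanning results`, so a later reader does not drop the grant when autobuild is removed. It would also help to note on the job block that job-level `permissions` replace the workflow-level default rather than extend it, e.g. `# replaces the workflow default; unlisted scopes are none`.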
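Review bot: In docker.yml the workflow-level `contents: read` becomes the only grant the `docker-release` job receives, and the hunk does not show how the image is published. If the steps (outside the hunk) push to ghcr.io with `GITHUB_TOKEN`, the job needs a job-level `packages: write` or the push will be rejected. If the push authenticates with registry credentials from secrets instead, a one-line comment such as `# registry login uses repository secrets; GITHUB_TOKEN only reads code` would record why read-only is sufficient.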
@@ -3,8 +3,14 @@ on:
 schedule:
 - cron: '30 1 * * *'
+permissions:
+ contents: read
+
 jobs:
 stale:
+ permissions:
+ issues: write # for actions/stale to close stale issues
+ pull-requests: write # for actions/stale to close stale PRs
 runs-on: ubuntu-latest
 steps:
 - uses: actions/stale@7fb802b3079a276cf3c7e6ba9aa003c665b3f838 |
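Review bot: The job-level `permissions` block on `stale` replaces the workflow-level `contents: read` rather than adding to it, so `contents` is `none` for this job. That is the tighter setting and fine while actions/stale only labels, comments and closes. If the `with:` options (outside the hunk) enable `delete-branch`, the job would additionally need `contents: write`. A comment on the block such as `# replaces the workflow default; contents intentionally not granted` would make the omission read as deliberate.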